Hackers Don’t Take Holidays

Hackers Don’t Take Holidays

You may be planning to relax during the Christmas and New Year’s holidays, but cyber criminals aren’t. That’s the message sent out by the Cybersecurity and Infrastructure Security Agency (CISA) as a reminder to stay vigilant with cybersecurity during a time when many organizations are winding down and taking time off at the end of the year.

In their article, the CISA indicates that there aren’t any specific threats that they want to warn about, but hackers have a pattern of increasing their strikes on holidays and especially holiday weekends. Just this year, the CISA reports that significant ransomware attacks took place on Mother’s Day weekend, Memorial Day weekend and the Fourth of July weekend.

Cyber criminals not only increase their activity during holidays, they also tie their messages to the season hoping that people will not realize that they’re falling into a trap. For example, there’s usually an increase in requests for donations from charities at the end of the year so make sure that you examine all email to make sure that it’s legitimate.

Additionally, beware of look-alike websites of big-name retail and logistics companies that ask you to input personal or credit card information. And don’t do any financial transactions on unencrypted channels.

Related: Read about a true cyber attack story and how a company lost $160,000 because they didn't notice a slight difference in the letters that spell their domain

Cybersecurity Best Practices Defend Against Increased Threats

The CISA reminds government and private sector organizations of all sizes to maintain essential security best practices and they include the recommendation for threat hunting in your cybersecurity tactics. Threat hunting applications use Artificial Intelligence to identify unknown threats, unlike antivirus and firewalls which block known threats.

The way that these applications work is to learn about normal network traffic so that when something happens out of the ordinary, they can respond and stop the suspected intruder. Threat hunting is included in XPERTECHS’ DEFEND cybersecurity services.

The CISA’s recommendations for protecting your organization from ransomware and other malicious software are the same as what we here at XPERTECHS have been advocating for quite some time. These include:

  1. Maintain an offline backup of your data.
  2. Don’t click on suspicious links.
  3. Secure and monitor remote desktop applications
  4. Update your software and operating systems.
  5. Use strong passwords and multi-factor authentication.
  6. Secure your network with segmentation, filtering and port scanning.
  7. Secure and manage user accounts, including admin and super user accounts.
  8. Have an incident response plan ready.

Do You Have Cybersecurity Peace of Mind?

Cybersecurity isn’t a project or a checklist that you can look at once a year. It’s an ongoing process that needs to be managed and modified as the threat landscape changes. If you don’t have peace of mind about the security (and the future!) of your business, then get in touch and we’ll help you determine if your security posture matches up with your risk tolerance.

Schedule a Security Consultation